Mark Minasi's Windows Networking Tech Page
Issue #108 May 2013

Document copyright 2013 Mark Minasi; please see below for info on subscribing, unsubscribing or copying portions of this text.

What's Inside

  • News
    • Learn with My Seminars, Audio Recordings and More!
  • Tech Section
    • CHKDSK 2012:  Fear CHKDSK No More
  • Conferences
  • To Subscribe, Unsubscribe, Read Old Newsletters or Change Your Email Address


Hi all —

Last issue, I examined exactly what CHKDSK /F does (and has done since Windows 2000), and in particular what's going on with the automatic CHKDSK that we sometimes see at boot time.  Seeing that "I'm going to run CHKDSK" countdown presents server admins with a terrible choice.  On the one hand, if  we allow CHKDSK to do its scanning and fixing of a disk suspected to have troubles then we may avoid a catastrophic loss of data, which is great.  At the same time, however, that scan may take hours and hours... hours wherein that vital server is offline.  This month, I've got some good news on that front, at least for people running Windows 8 or Server 2012.  CHKDSK still must run at boot time to address a class of disk problems -- no change there -- but when it must fix the disk, the fix will usually just take a minute or two, rather than hours.  I think you'll find that some good news and I'll explain it in this newsletter but first, a word from our sponsor...

CHKDSK 2012:  Fear CHKDSK No More

So let's review: for many years, Windows has reacted to disk behavior that seems to presage serious data errors by telling CHKDSK, "start up in pre-boot time and give such-and-such drive a thorough scan and repair."  On the next boot, Windows halts the boot process early on and tells CHKDSK to do that scan and fix.  Even simply scanning a drive of common modern large drive takes a lot of time even on a drive without problems, leading to the "but I can't take that server offline for several housr!" problem.

2012's time-saving solution is, in retrospect, painfully obvious:

  • During normal working hours, run CHKDSK in the background a few times a day doing a simple non-invasive scan of your volumes.
  • When it comes across an area on the disk that seems troubled, it writes the location of that troubled area to a pair of new files named $corrupt and $verify and sets the "run CHKDSK at boot time" flag.  So far, no change.
  • When CHKDSK does do a pre-boot run, it needn't do a time-consuming scan, as it already knows where the problem areas are.  It need only read that "things to fix" file, and so can make the fixes in minutes, allowing a quick reboot and lets-get-to-work for your server.
  • That short version when it comes to CHKDSK in Server 2012 and Windows 8 is, then, is "do nothing, and when CHKDSK wants to run at boot time, let it."

Want more detail?  Here's the story of CHKDSK 2012.

Phase One:  Regular Scans, $Corrupt and $Verify

CHKDSK in the latest versions of Windows has a new option, "/scan."  It looks like

chkdsk c: /scan

You needn't probably ever run it, however, as Server 2012 and Windows 8 already have a prebuilt regular task called "ProActiveScan" that runs chkdsk /scan at least once a day.  You can get some information on that job by typing get-scheduledtask proactivescan | select *, but you won't see much -- it's some sort of prebuilt task whose internal structure is opaque to all of the Task Scheduler admin tools that I know of.

Chkdsk /scan does several things.  First, as its name suggests, it touches all of your disk, examining clusters and data structures to find problems early.  Second, chkdsk /scan will fix any minor errors that it can, right on the fly.  If you want /scan to run as non-invasively as is possible, add the option "/forceofflinefix" to keep /scan from doing even these small fixes.  /Scan runs in low priority, but if for some reason you want it to steal a bit more CPU and run in higher priority, add the option /perf, as in

chkdsk e: /scan /perf /forceofflinefix

When chkdsk /scan comes across a serious this-needs-a-dismount-to-fix sort of problem, it notes the location of the problem in one of two new files, $corrupt and $verify.  $corrupt contains the locations of definite problems, and $verify contains the locations of possible problems -- ones that will be easier to test and perhaps fix in an offline CHKDSK session.  As you'd guess, whenever CHKDSK /scan runs and must put anything in the $verify and/or $corrupt files, then it also schedules an offline CHKDSK session.  You can find out if CHKDSK has scheduled an offline session with the same chkntfs tool that I discussed in the previous newsletter.  You can also see the current state of $verify and $corrupt with some fsutil commands:

  • fsutil repair enumerate C: will display any records in $corrupt on the C: volume.
  • fsutil repair enumerate E: $verify displays any records in $verify on the E: volume.

Phase Two:  Fix, but Quickly

When called to do a pre-boot disk fixing session, CHKDSK knows not to scan and just to fix with the $corrupt and $verify info because it's called with a new option, /spotfix, as in

chkdsk c: /spotfix

That takes the volume in question offline, handles the fixes and terminates.

What was the long part of the story becomes quite short in 8/2012.  You may recall that pre-2012 versions of Windows showed a 30 second countdown before running CHKDSK.  In 2012, that timeout wait goes to one second for Windows 8 and 10 seconds for Server 2012, so if for some reason you want to bump it back up to where it was before, open an elevated command prompt and type

chkntfs /t:30

As ten seconds is kind of quick, you might miss the pre-boot CHKDSK session altogether.  You can see what CHKDSK has been up to by searching the System event log for error, critical or warning events from source "Ntfs (Microsoft-Windows-Ntfs)."  You can do that by creating a filter in the Event Viewer like so:

  • In the Event Viewer's left-hand pane, right-click Custom Views.
  • Click "Create custom view."
  • That raises a dialog named "Create Custom View."
  • Check the boxes next to "Event level:" labeled "Critical," "Warning," and "Error."
  • Click the radio button below that named "By source  Event sources:"
  • Click the drop-down to the right of "Event sources:"
  • Press "n" to get you to the "n's" in the long list of sources.  Then scroll down to "NTFS (Microsoft-Windows-Ntfs)" and check that.
  • Click the "OK" button at the bottom of the dialog.
  • You'll now have a dialog labeled "Save Filter to Custom View."  Give it a name like "NTFS errors" and OK, and you'll have a new custom view that will grab all of the NTFS errors.

Now, that's all of the NTFS errors.  You can refine that further by right-clicking on your new custom view, choose "Find" and you can then enter some text to search.  Type in "chkdsk" and you'll get just the NTFS errors that name CHKDSK.

All in all, this "kindler, gentler CHKDSK" has to be one of Windows 8 and Server 2012's best "quiet" new features.

To Subscribe, Read Old Newsletters, Send Me a Comment or Change Your Email Address

To subscribe: (which just means I'll send you about a three-tweet-sized message in plain text via email including a link to my latest newsletter), please visit

To change e-mail or other info, drop me a line (haven't figured out a secure method yet).

To read old newsletters: visit and, if you like 'em, please consider subscribing.

To send me a comment:  I'm at

All contents copyright 2013 Mark Minasi.  I encourage you to quote this material, so long as you include this entire document. Thanks very much for reading, and see you next time.